similar to: CentOS-virt - Kernel Side-Channel Attacks

On 01/04/2018 10:49 AM, Akemi Yagi wrote: > On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote: > >> Please patch the CentOS-virt Kernel to fix the >> Kernel Side-Channel Attacks vulnerabilities. >> >> The latest CentOS-virt kernel was released in November, as seen below. >> >> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30 >>

On 01/05/2018 06:33 AM, George Dunlap wrote: > On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newman <srn at prgmr.com> wrote: >> On 01/04/2018 10:49 AM, Akemi Yagi wrote: >>> On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote: >>> >>>> Please patch the CentOS-virt Kernel to fix the >>>> Kernel Side-Channel Attacks vulnerabilities.

On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote: > Please patch the CentOS-virt Kernel to fix the > Kernel Side-Channel Attacks vulnerabilities. > > The latest CentOS-virt kernel was released in November, as seen below. > > kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30 > > https://access.redhat.com/security/vulnerabilities/speculativeexecution >

On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newman <srn at prgmr.com> wrote: > On 01/04/2018 10:49 AM, Akemi Yagi wrote: >> On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote: >> >>> Please patch the CentOS-virt Kernel to fix the >>> Kernel Side-Channel Attacks vulnerabilities. >>> >>> The latest CentOS-virt kernel was released in

Is this CentOS-virt kernel compatible and recommended for KVM use or should I stick with 3.10? 4. jan. 2018 6:51 pop. je oseba <rikske at deds.nl> napisala: Please patch the CentOS-virt Kernel to fix the Kernel Side-Channel Attacks vulnerabilities. The latest CentOS-virt kernel was released in November, as seen below. kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30

Hi, A few days ago I stumbled upon a problem where SpeculativeExecution changed the order of a load and a store to the same address. I wrote https://bugs.llvm.org//show_bug.cgi?id=32964 about it but no response there so far. In the input we have store i8 0, i8* @i %.pre = load i8, i8* @i and then in the output the load is moved so it's before the store which clearly makes it

Hi Johnny, Thank you for your reply. It seems to me that my message may have came around as offensive but that was not my intend. I have basic understanding how things work and when I said CentOS I actually meant Red Hat and all its derivatives. I asked CentOS community because that's the community I'm member of. Not to say that CentOS is not secure or anything like that. Anyway,

I have a clean install, fully updated CentOS 6 32-bit. When I run the Red Hat detection script: https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh it finds that the system is vulnerable. Is this false positive or there is no patches for CentOS 6 32-bit systems? Thank you, -- Peter

On Tue, Jan 23, 2018 at 06:20:39PM -0600, Kevin Stange wrote: > On 01/23/2018 05:57 PM, Karl Johnson wrote: > > > > > > On Tue, Jan 23, 2018 at 4:50 PM, Nathan March <nathan at gt.net > > <mailto:nathan at gt.net>> wrote: > > > > Hi, > > > > > Hmm.. isn't this the ldisc bug that was discussed a few months ago on this

On Tue, Jan 23, 2018 at 4:50 PM, Nathan March <nathan at gt.net> wrote: > Hi, > > > Hmm.. isn't this the ldisc bug that was discussed a few months ago on > this > list, > > and a patch was applied to virt-sig kernel aswell? > > > > Call trace looks similar.. > > Good memory! I'd forgotten about that despite being the one who ran into >

> -----Original Message----- > From: CentOS-virt [mailto:centos-virt-bounces at centos.org] On Behalf Of > Johnny Hughes > Sent: Wednesday, January 24, 2018 6:39 AM > To: centos-virt at centos.org > Subject: Re: [CentOS-virt] Xen 4.6.6-9 (with XPTI meltdown mitigation) > packages making their way to centos-virt-xen-testing > > On 01/24/2018 01:01 AM, Pasi K?rkk?inen

I have built all the source code releases from upstream for RHEL-6 regarding meltdown /spectre and released those into packages into the CentOS Linux 6.9 updates repository. As to whether or not either Arch (x86_64 or i386) is or is not vulnerable, the CentOS team does not test for or make claims concerning security fitness. What we do build the source code that is released upstream. Users must

CentOS Errata and Security Advisory 2018:0007 Important Upstream details at : https://access.redhat.com/errata/RHSA-2018:0007 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 320ab3bd00bd1f051c69f65f2d4cd6ab64585f977d9cd7a52e64e8f8147894fc kernel-3.10.0-693.11.6.el7.x86_64.rpm

Hi, On Tue, Jan 23, 2018 at 10:35:24AM -0800, Nathan March wrote: > > Thanks for the heads-up. It's been running through XenServer's tests > > as well as the XenProject's "osstest" -- I haven't heard of any > > additional issues, but I'll ask. > > Looks like I can reproduce this pretty easily, this happened upon ssh'ing > into the

Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel

Hi all Anyone having problems running logon scripts in 4.2.2? I've created a few test scripts (.bat, .vbs, etc) and placed them in the netlogon folder and then assigned some user accounts either the .bat or .vbs files using RSAT tools. Yet at login none of my client workstations (Windows XP, 7 or 8) execute their login scripts, none get mapped drives, etc. Browsing to the netlogon

Hi everyone! I want to clarify the purpose and design of SESES. Thus far, I've characterized it as an LVI mitigation which is somewhat incorrect. SESES was built as a "big hammer." It is intended to protect against many side channel vulnerabilities (Spectre v1, Spectre v4, LVI, etc, etc) even though it was built in response to LVI. For folks protecting against LVI, this is an

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the